Wouter Verhelst <wou...@debian.org> writes:

> Simple mathematics.

> To me, a "strong hash" is a hash for which collisions are unlikely.
> A SHA512 hash is longer than a SHA1 hash. Therefore it has more bits.
> Therefore it has more possible values, which decreases the likelihood
> that two collections of bits will produce the same hash value by
> accident.

SHA-1 is already sufficiently unlikely that, barring a break in the underlying mathematics, it's not clear that you're gaining anything. Increasing the number of multiples of the age of the universe that it takes to brute force something doesn't make any actual, practical difference. In both cases, the primary concern is around breaks in the underlying mathematics, rather than in comparative brute force.

I find it very hard to get excited about simple counts of the number of bits in the hash when the important factor for whether it's a secure hash is basically independent of length. The length is adequate for even theoretical computation models that use every atom in the solar system.

> In addition, there are some concerns today about the strength of SHA1.
> It's not yet broken, but it's not right to think of it as "fully safe"
> anymore, either. Hashes don't get stronger over time; they get weaker.

This is the part that's more interesting. However, SHA-256 and SHA-512 are the same algorithm, and therefore are probably subject to the same attacks. So adding SHA-512 when we already have SHA-256 seems rather pointless. Adding SHA-3, which is a different algorithm and therefore might resist mathematical attacks that break SHA-2, is much more interesting.

-- 
Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>